Re: [exim] Wildcard CN verify error

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Jeremy Harris at <-
MMEvgeniy Berdnikov at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Wildcard CN verify error
On 20/04/2023 06:18, Jasen Betts via Exim-users wrote:
> On 2023-04-18, Lance Lovette via Exim-users <exim-users@???> wrote:
>>> This is a name mismatch: mailgun.org != mailgun.com.
>>
>> Perhaps it's time for a larger font size :) I will put on my dunce cap and
>> go sit in the corner. But shame on Mailgun for responding to .com with a
>> .org certificate!
>>
>> Lance
>
> Their .com is a cname pointing to the .org, so the same host is both
> .com and .org, but their host isn't using SNI.

This raises the question: should the name-check be against the CNAME-resolved
name rather than the initial? Both?
I've not hunted through standards yet.
--
Cheers,
Jeremy


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Wildcard CN verify errorRe: [exim] Wildcard CN verify error->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)